mattip <matti.pi...@gmail.com> added the comment:
> If you use pubkeys.txt from https://www.python.org/static/files/pubkeys.txt, > then GPG verification gives you no additional security I am confused. If the pubkeys.txt on python.org has no benefit, why does it exist? What is considered best practices for people wanting to verify the download from https://www.python.org/ftp ? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue37967> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com